Improve ansible code so that ansibe-lint shows fewer errors

2025-03-24 07:33:56 +01:00 · 2025-03-24 07:33:56 +01:00 · f965f4466c
commit f965f4466c
parent e8ef744f59
23 changed files with 228 additions and 189 deletions
--- a/roles/lmn_fvs/tasks/main.yml
+++ b/roles/lmn_fvs/tasks/main.yml
@ -14,9 +14,8 @@
    vtype: string
  when: mirror_msfonts is defined and mirror_msfonts | length > 0

-
 - name: Install desktop EDU packages and some more
-  apt:
+  ansible.builtin.apt:
    name:
      - atftp
      - audacity
@ -90,7 +89,7 @@
    http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher

 - name: Remove update notifications from plasma-discover
-  apt:
+  ansible.builtin.apt:
    name:
      - plasma-discover
    autoremove: true
@ -100,6 +99,7 @@
 - name: Make sure wireshark works for all users after installation and upgrades
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/92wireshark4all
+    mode: '0644'
    content: |
      ## Modify permissions after installation/upgrade to allow all
      ## users dumping packages on network interfaces for wireshark
@ -122,6 +122,7 @@
  ansible.builtin.copy:
    src: policies.json
    dest: /etc/firefox-esr/policies/
+    mode: '0644'

 - name: Create chromium policies directory
  ansible.builtin.file:
@ -130,8 +131,9 @@
    mode: '0755'

 - name: Set chromium proxy-policy to auto_detect
-  copy:
+  ansible.builtin.copy:
    dest: /etc/chromium/policies/managed/proxy.json
+    mode: '0644'
    content: |
      {
        "ProxyMode": "auto_detect"
@ -144,20 +146,20 @@
    replace: '  \1'

 - name: Copy some scripts
-  copy:
+  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /usr/local/sbin/
-    mode: 0755
+    mode: '0755'
  loop:
    - pwroff
    - bootorder.sh
    - reporter

 - name: Provide services and timers for some scripts
-  copy:
+  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
-    mode: 0644
+    mode: '0644'
  loop:
    - pwroff.service
    - pwroff.timer
@ -166,7 +168,7 @@
  when: "'teacherlaptop' not in group_names"

 - name: Enable pwroff.timer
-  systemd:
+  ansible.builtin.systemd:
    name: "{{ item }}"
    enabled: true
  loop:
@ -175,7 +177,7 @@
  when: "'teacherlaptop' not in group_names"

 - name: PXE first boot order
-  command: /usr/local/sbin/bootorder.sh
+  ansible.builtin.command: /usr/local/sbin/bootorder.sh
  register: cmd_result
  changed_when: cmd_result.stdout is not search('Nothing to do.')
  when: "'PCroom' in group_names"
@ -184,7 +186,7 @@
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /usr/local/bin/
-    mode: 0755
+    mode: '0755'
  loop:
    - lmn-reset-dolphin.sh
    - lmn-patch-dolphin.sh
@ -194,19 +196,21 @@
  ansible.builtin.copy:
    src: lmn-dolphin.sh
    dest: /etc/profile.d/
+    mode: '0644'


 - name: Copy fvs-config.js to configure plasma
  ansible.builtin.copy:
    src: fvs-config.js
    dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
-    mode: 0644
+    mode: '0644'


 - name: Configure some KDE aspects
-  blockinfile:
+  ansible.builtin.blockinfile:
    path: /etc/xdg/kdeglobals
    create: true
+    mode: '0644'
    block: |
      [KDE]
      SingleClick=false
@ -219,6 +223,7 @@
 - name: Shut down when idle for too long
  ansible.builtin.copy:
    dest: /etc/xdg/powermanagementprofilesrc
+    mode: '0644'
    content: |
      [AC][SuspendSession]
      idleTime=7200000
@ -228,20 +233,22 @@
 - name: Start with empty session by default
  ansible.builtin.copy:
    dest: /etc/xdg/ksmserverrc
+    mode: '0644'
    content: |
      [General]
      loginMode=emptySession

 - name: Fix primary screen for class room PCs with projector
+  when: "'CloneScreen' in group_names"
  block:
    - name: Set primary screen for login
-      blockinfile:
+      ansible.builtin.blockinfile:
        path: /usr/share/sddm/scripts/Xsetup
        block: |
          xrandr --output {{ dual_screen[0] }} --primary
      when: dual_screen is defined
    - name: Reset primary screen for login
-      blockinfile:
+      ansible.builtin.blockinfile:
        path: /usr/share/sddm/scripts/Xsetup
        state: absent
      when: dual_screen is not defined
@ -253,35 +260,36 @@
    - name: Deploy fix-screen autostarter
      ansible.builtin.copy:
        dest: /etc/xdg/autostart/lmn-fix-screen.desktop
+        mode: '0644'
        content: |
          [Desktop Entry]
          Name=fix-screen
          Exec=lmn-fix-screen
          Type=Application
          NoDisplay=true
-  when: "'CloneScreen' in group_names"

-#- name: Avoid starting kscreen (confusing autodetection)
-#  ansible.builtin.copy:
-#    dest: /etc/xdg/kded5rc
-#    content: |
-#      [Module-kscreen]
-#      autoload=false
+# - name: Avoid starting kscreen (confusing autodetection)
+#   ansible.builtin.copy:
+#     dest: /etc/xdg/kded5rc
+#     content: |
+#       [Module-kscreen]
+#       autoload=false
 #
-#- name: Disable automatic lock screen and user specific modifications
-#  ansible.builtin.copy:
-#    path: /etc/xdg/kscreenlockerrc
-#    content: |
-#      [Daemon][$i]
-#      Autolock=false
-#      LockOnResume=false
+# - name: Disable automatic lock screen and user specific modifications
+#   ansible.builtin.copy:
+#     path: /etc/xdg/kscreenlockerrc
+#     content: |
+#       [Daemon][$i]
+#       Autolock=false
+#       LockOnResume=false
 #

 - name: Download libdvdcss from mirror
  ansible.builtin.get_url:
    url: "{{ mirror_dvdcss }}/libdvdcss.so.2.2.0"
    dest: /usr/lib/x86_64-linux-gnu/libdvdcss.so.2.2.0
-    use_proxy: False
+    mode: '0644'
+    use_proxy: false
  when: mirror_dvdcss is defined and mirror_dvdcss | length > 0

 - name: Link library so name
@ -292,7 +300,7 @@
  when: mirror_dvdcss is defined and mirror_dvdcss | length > 0

 - name: Patch sddm login screen to show hostname
-  blockinfile:
+  ansible.builtin.blockinfile:
    path: /usr/share/sddm/themes/debian-breeze/Main.qml
    marker: // {mark} ANSIBLE MANAGED BLOCK
    insertbefore: '\s+//Footer'
@ -311,6 +319,7 @@
 - name: Set git default-branch to main
  ansible.builtin.copy:
    dest: /etc/gitconfig
+    mode: '0644'
    content: |
      [init]
        defaultBranch = main
@ -318,7 +327,7 @@
 - name: Adjust mmcblk-device gid to allow users to access SD-cards
  ansible.builtin.copy:
    dest: /etc/udev/rules.d/80-mmcblk.rules
-    mode: "0644"
+    mode: '0644'
    content: |
      KERNEL=="mmcblk[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"
      KERNEL=="mmcblk[0-9]p[0-9]*", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"
--- a/roles/lmn_fvs/tasks/sync.yml
+++ b/roles/lmn_fvs/tasks/sync.yml
@ -3,7 +3,7 @@
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
-    mode: 0755
+    mode: '0755'
  loop:
    - /usr/local/share/applications
    - /usr/local/share/desktop-directories
@ -13,24 +13,26 @@
  ansible.builtin.copy:
    src: fvs.directory
    dest: /usr/local/share/desktop-directories/
+    mode: '0644'
  notify: Run update-desktop-database

 - name: Copy fvs.menu
  ansible.builtin.copy:
    src: fvs.menu
    dest: /etc/xdg/menus/applications-merged/
+    mode: '0644'
  notify: Run update-desktop-database

 - name: Copy lmn-sync script
  ansible.builtin.copy:
    src: lmn-sync
    dest: /usr/local/sbin/
-    mode: 0755
+    mode: '0755'
  register: lmn_sync

 - name: Run lmn-sync script
  ansible.builtin.shell: /usr/local/sbin/lmn-sync
-  when: lmn_sync.changed
+  when: lmn_sync.changed # noqa: no-handler

 - name: Deploy sudo configurations (lmn-sync for role-teacher)
  ansible.builtin.copy:
@ -42,15 +44,15 @@
      %role-teacher ALL=(root) NOPASSWD: /usr/local/sbin/lmn-sync

 - name: Provide lmn-sync service and timer
-  copy:
+  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
-    mode: 0644
+    mode: '0644'
  loop:
    - lmn-sync.service
    - lmn-sync.timer

 - name: Enable lmn-sync.timer
-  systemd:
+  ansible.builtin.systemd:
    name: lmn-sync.timer
    enabled: true